The Personal Data Protection Act and Spam Control Act – Amendments

Amendments to the Personal Data Protection Act and Spam Control Act All that’s new in the digital realm with the amendments to the Personal Data Protection Act and Spam Control Act.

The year 2020 has seen significant global change, not just in world economies but also in the legislation that govern and safeguard nations. As we shift quickly into a digital economy, data becomes the most sought-after commodity and needs careful governance. The latest amendments to the Personal Data Protection Act and Spam Control Act in Singapore is reflective of these changes.

The Personal Data Protection Act (PDPA) was enacted in 2012, followed by comprehensive reviews. The latest by the Ministry of Communication and Information (MCI) resulted in the Personal Data Protection (Amendment) Bill 2020 (Bill). This was passed by Parliament on the 2nd of November 2020 and extended to related amendments to the Spam Control Act.


Changes That Enhance Security

The amendments ensure that Singapore’s legislative landscape evolves to be ‘fit for the purpose’ of governing a multifaceted data-driven digital economy. The Bill’s underlying focus is on strong security with a degree of accountability that facilitates innovation, encompassing both individuals and organizations. By improving organizational accountability, consumer trust and autonomy is reinforced.

In instituting the amendments, the MCI focused on the ability of data analytics to drive transformational processes in products, services, and emerging technologies. The fundamental premise is to maintain Singapore’s consent-based governance towards data protection while enabling flexibility for organizational innovation.

The Bill identifies grounds whereby exception to consent arises, which specifically focuses on business improvement. Organizations can utilize personal data without consent for the improvement, enhancement, or development of existing or new goods or services. This extends to existing or new methods of processing and analytics of consumer behaviour, preferences, and customization or personalization opportunities.

The exception only applies on specific grounds, which looks at the purpose of the exception. It specifically excludes direct marketing reasons, amongst others. The requirement of business improvement also only applies in a group context. It only extends to existing or prospective customers of an organization or its related group of companies.

The Bill also provides exceptions for data portability obligations, which allows individuals to request the transmission of their data. The amendments give freedom to individuals to deal with their data while balancing it against organizations’ need to maintain a competitive edge. The exceptions cover the type of applicable data and circumstances where obligations need not be met.

The Bill makes it compulsory to report any data breaches to the Personal Data Protection Commission within three calendar days. Contravening the PDPA results in financial penalties, and the amendment has introduced changes in the cap. Organizations can now be fined 10% of their annual turnover or SGD1 million, whichever is higher. The Bill also created new offences for individuals, in particular, the Egregious Mishandling of Personal Data. This is indicative of the need to ensure accountability in data protection applies across the board to everyone.


Making a Good Thing Better

By providing an enhanced PDPA, the Government seeks to secure Singapore as a leading global commercial hub in the current digital economy. By safely sharing and analyzing data, businesses can innovate while individuals can enjoy greater protection.

To learn more about the amendments to the Personal Data Protection Act and Spam Control Act, Contact 3E Accounting today. Our team of professionals are ready to guide you towards better understanding and compliance.

Amendments to the Personal Data Protection Act and Spam Control Act